From patchwork Wed Oct 14 12:36:15 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: timothee.cocault@orange.com X-Patchwork-Id: 1382115 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=23.128.96.18; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=orange.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=orange.com header.i=@orange.com header.a=rsa-sha256 header.s=ORANGE001 header.b=amWvu0nh; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by ozlabs.org (Postfix) with ESMTP id 4CBBv82cRnz9sS8 for ; Wed, 14 Oct 2020 23:44:36 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387895AbgJNMof (ORCPT ); Wed, 14 Oct 2020 08:44:35 -0400 Received: from relais-inet.orange.com ([80.12.70.34]:30335 "EHLO relais-inet.orange.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727061AbgJNMof (ORCPT ); Wed, 14 Oct 2020 08:44:35 -0400 X-Greylist: delayed 465 seconds by postgrey-1.27 at vger.kernel.org; Wed, 14 Oct 2020 08:44:09 EDT Received: from opfednr04.francetelecom.fr (unknown [xx.xx.xx.68]) by opfednr21.francetelecom.fr (ESMTP service) with ESMTP id 4CBBjY5ftrz5wcp; Wed, 14 Oct 2020 14:36:17 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=orange.com; s=ORANGE001; t=1602678977; bh=yLOl+3a0QfEkhIAkH15hxs5ueFmCw6wqgrguwCAHEyM=; h=From:To:Subject:Date:Message-ID:Content-Type:MIME-Version; b=amWvu0nhL9OnrWKM0G/ZVcC3VlSEd0yI8pqOGsV5DUr5SijGBuXfBw47C65LFYSwA jpb8yXPHKtslbelgk9qKw/xEkP5W4L594W2vENC7OPGCirfMFgDK617eg4pJsJCE0c vbujAfb/sTtrMeYZRb63jO0dKyNYQhug6M26W7CdlpyBxWdGcVpltRwEe5i4FAbJG4 APysecTzWwHN7FA/L39j/iFzamFeAWaxlAP4d1PhgmkC8xPriZTaDhyKbvQtvfdn+U Bdgi9NH+TjskDu2X5YU9FZc4Bg3M7cZ5heWEYxxhfhwiZ6Lb2MdsWwSu+G15tmp/OQ yDl1OXkdlS0SA== Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.38]) by opfednr04.francetelecom.fr (ESMTP service) with ESMTP id 4CBBjY3hJyz1xpn; Wed, 14 Oct 2020 14:36:17 +0200 (CEST) From: To: Florian Westphal CC: Pablo Neira Ayuso , "netfilter-devel@vger.kernel.org" Subject: [PATCH] Fixes dropping of small packets in bridge nat Thread-Topic: [PATCH] Fixes dropping of small packets in bridge nat Thread-Index: AdaiJfnLCbqjhfLJSFW6PuhIUoGIhg== Date: Wed, 14 Oct 2020 12:36:15 +0000 Message-ID: <585B71F7B267D04784B84104A88F7DEE0DB503A6@OPEXCAUBM34.corporate.adroot.infra.ftgroup> Accept-Language: fr-FR, en-US Content-Language: fr-FR X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-originating-ip: [10.114.13.245] MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Fixes an error causing small packets to get dropped. skb_ensure_writable expects the second parameter to be a length in the ethernet payload. If we want to write the ethernet header (src, dst), we should pass 0. Otherwise, packets with small payloads (< ETH_ALEN) will get dropped. Signed-off-by: Timothée COCAULT Reviewed-by: Florian Westphal --- net/bridge/netfilter/ebt_dnat.c | 2 +- net/bridge/netfilter/ebt_redirect.c | 2 +- net/bridge/netfilter/ebt_snat.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) ether_addr_copy(eth_hdr(skb)->h_source, info->mac); diff --git a/net/bridge/netfilter/ebt_dnat.c b/net/bridge/netfilter/ebt_dnat.c index 12a4f4d93681..3fda71a8579d 100644 --- a/net/bridge/netfilter/ebt_dnat.c +++ b/net/bridge/netfilter/ebt_dnat.c @@ -21,7 +21,7 @@ ebt_dnat_tg(struct sk_buff *skb, const struct xt_action_param *par) { const struct ebt_nat_info *info = par->targinfo; - if (skb_ensure_writable(skb, ETH_ALEN)) + if (skb_ensure_writable(skb, 0)) return EBT_DROP; ether_addr_copy(eth_hdr(skb)->h_dest, info->mac); diff --git a/net/bridge/netfilter/ebt_redirect.c b/net/bridge/netfilter/ebt_redirect.c index 0cad62a4052b..307790562b49 100644 --- a/net/bridge/netfilter/ebt_redirect.c +++ b/net/bridge/netfilter/ebt_redirect.c @@ -21,7 +21,7 @@ ebt_redirect_tg(struct sk_buff *skb, const struct xt_action_param *par) { const struct ebt_redirect_info *info = par->targinfo; - if (skb_ensure_writable(skb, ETH_ALEN)) + if (skb_ensure_writable(skb, 0)) return EBT_DROP; if (xt_hooknum(par) != NF_BR_BROUTING) diff --git a/net/bridge/netfilter/ebt_snat.c b/net/bridge/netfilter/ebt_snat.c index 27443bf229a3..7dfbcdfc30e5 100644 --- a/net/bridge/netfilter/ebt_snat.c +++ b/net/bridge/netfilter/ebt_snat.c @@ -22,7 +22,7 @@ ebt_snat_tg(struct sk_buff *skb, const struct xt_action_param *par) { const struct ebt_nat_info *info = par->targinfo; - if (skb_ensure_writable(skb, ETH_ALEN * 2)) + if (skb_ensure_writable(skb, 0)) return EBT_DROP;